Expand description
Cryptographic helpers for authentication.
- PBKDF2-SHA256 password hashing (600k iterations)
- HMAC-SHA256 JWT signing/verification
Uses pure Rust crates (wasm-compatible, no WebCrypto interop needed).
Constants§
- JWT_
EXPIRY_ SECS - JWT expiry: 1 hour in seconds.
- REFRESH_
EXPIRY_ SECS - Refresh token expiry: 7 days in seconds.
Functions§
- generate_
token - Generate a secure random token (for refresh tokens). Returns hex-encoded.
- hash_
password - Hash a password with PBKDF2-SHA256. Returns
(hash_hex, salt_hex). - hash_
token - Hash a token with SHA-256 for storage. Returns hex-encoded.
- sign_
jwt - Sign a JWT for the given user. Returns the encoded JWT string.
- verify_
jwt - Verify a JWT and return the
sub(user_id) if valid. - verify_
password - Verify a password against a stored hash and salt (both hex-encoded).